Secure Access Service Edge (SASE), the increasingly popular framework that transforms security and network connectivity technologies into a single cloud-delivered platform, promises to revolutionize wide-area networking to the extent that it will soon eradicate conventional SD-WAN technology.
Kate Adam, senior director of security products at Juniper Networks, said that network leaders shouldn't view SASE as the end of the network as it's currently known, but as a "natural evolution in network technology, one that makes it more scalable and extensible by leveraging the public cloud global infrastructure."
Arthur Iinuma, president of ISBX, an app development firm serving clients including Apple, Nike, L'Oreal, Warner Brothers, Lexus, and Red Bull, observed that SASE offers a cloud-based edge computing solution that gives distributed workforces secure network access. "With an increasingly remote, highly mobile workforce, this solution is needed now more than ever," he stated.
SASE offers an entirely new network architecture that brings applications closer to end-users worldwide, as well as providing secure access. "Connectivity and security services that were previously delivered from a 'heavy branch' are moving to a thin branch, cloud-delivered model where networking and security come together," Adam said. "This [approach] simplifies network and security architecture and promotes a threat-aware network with access and security policies that follow users wherever they go."
SASE's key advantage is its ability to tap into cloud resources, which tend to be far more expansive than the options provided by an on-site data center or any network device, to identify and mitigate security risks, said Andrew De La Torre, Oracle Communications' group vice president of technology. "As cyber criminals get more sophisticated and add computer intelligence to their crimes, the network must stay one step ahead ... by tapping into the power of the cloud," he explained. "A cloud-based security application has the ability to learn from several networks and several security scenarios, which a single application in a data center is incapable of ever achieving."
Given its many inherent attributes, SASE represents a modern, converged approach to networking and security. "SASE addresses the limitations of the traditional network 'hub and spoke' infrastructure model, which connects users in multiple locations—spokes—to resources hosted in centralized data centers—hubs— hosting both applications and data," said Rupesh Chokshi, vice president, AT&T Cybersecurity. With today's hyper-distributed workforces, combined with the rise in complexity of cloud-based services, such as SaaS, organizations need to re-evaluate how network traffic is inspected and how secure user access policies are managed. "[SASE] layered cloud services with separate configuration and management [requirements] are no longer needed since streamlined network and security services create a secure, seamless network edge," he said.
A new journey
SASE marks the beginning of an enterprise’s journey to a more holistic security model, “De La Torre said. "As cloud-based security systems add to their portfolio of cyber activity, the SASE industry will flourish," he predicted.
Still, if one simply accepts the hype presented in SASE vendor marketing forecasts, it might appear that the technology is poised to leap over existing network and security products and services within a matter of months, if not weeks. That's simply not true, Adam cautioned. "Just as we saw with public cloud adoption for applications, it's going to take many years before SASE is the dominant technology," she said. "Even then, there will be some percentage of traditional architectures that remain, so it's imperative that organizations plan their SASE rollouts with a hybrid end-state in mind."
Chokshi agreed, observing that SASE remains a relatively new concept, with mass adoption likely to occur gradually over the next several years. "Gartner expects that by 2025, over 60 percent of enterprises will have explicit strategies and timelines for SASE adoption encompassing user, branch, and edge access," he noted.
For all of SASE's potential to enable enterprises to rapidly build secure and reliable networks, there's also an important downside to the technology. "While SASE today is all about different networking and security technologies delivered from the cloud, the operational implications of transitioning to a new architecture cannot be forgotten," Adam warned. "SASE technologies must natively work together and be part of a unified management system to make it easier on the administrator [before] organizations can actively realize the simplicity that SASE promises," she noted. Since SASE is networking and security converged, teams representing both of those essential enterprise interests must come together at the start of the planning stage to ensure that SASE will be able to meet requirements in both areas.
Iinuma believes that SASE is destined to become the dominant remote network technology for one simple reason: "It offers quick, secure cloud adoption for organizations of all sizes."